HealthcareCISO

Federal legislation signed into law earlier this year amending the HITECH Act could help incentivize many healthcare sector entities to bolster their cybersecurity programs, says Erik Decker, CISO of Intermountain Health and co-chair of a federal advisory task force that helped craft the provision and other potential cyber-related financial incentives.

The provision calls for federal regulators to consider whether a healthcare sector entity has implemented "recognized" security best practices, processes, standards or methodologies - such as those supported by the National Institute of Standards and Technology - before levying a fine or other enforcement action under HIPAA (see: Bill Spells Out New Factors to Weigh in Setting HIPAA Fines).

"The good news is that if you...